Marco Allegretti
37211dfd22
fix CI: fmt, skip migrate readonly test as root, fix container shell
- Run cargo fmt on skip_if_root() blocks
- Add skip_if_root() to migrate_atomic_version_unchanged_on_write_failure
- Add libc dev-dependency to karapace-store for root check
- Remove explicit shell: sh from container rustup steps (OCI exec
can't find sh in PATH; default run shell works)
2026-02-22 20:11:09 +01:00
Marco Allegretti
cc67d70211
fix CI: skip readonly tests as root, manual rustup for containers
- Add skip_if_root() to 8 permission-based tests (root bypasses
filesystem permissions in Docker containers)
- Replace dtolnay/rust-toolchain with manual rustup install via sh
for container-based jobs (opensuse lacks bash, which the composite
action requires)
- Keep dtolnay/rust-toolchain for non-container ubuntu jobs
2026-02-22 20:03:42 +01:00
Marco Allegretti
fd7313a318
fix CI: skip prereq check for mock backend, add bash to opensuse
- Add KARAPACE_SKIP_PREREQS=1 env var check to skip runtime prerequisite
checks (user namespaces, fuse-overlayfs) when testing with mock backend
- Set KARAPACE_SKIP_PREREQS=1 in CLI integration test helper
- Add bash to opensuse/tumbleweed container deps (required by
dtolnay/rust-toolchain action)
2026-02-22 19:56:47 +01:00
Marco Allegretti
3091e5e932
fix CI: bump Rust 1.88→1.93 (lockfile v4 requires newer cargo)
Cargo.lock version=4 format is not supported by older Rust toolchains.
Pin to 1.93 to match local dev toolchain and lockfile format.
2026-02-22 19:45:33 +01:00
Marco Allegretti
3e4f2597c5
fix CI: bump Rust 1.82→1.88 (MSRV), fix lockfile check, add xz to opensuse
- Bump RUST_TOOLCHAIN from 1.82 to 1.88 in ci.yml, release.yml,
supply-chain-test.yml (darling/time crates require 1.88)
- Replace fragile cargo-update+diff lockfile check with cargo check --locked
- Add xz package to opensuse container deps (needed by rustup)
2026-02-22 19:41:31 +01:00
Marco Allegretti
abb89d298a
pre-publish fixes: pin SBOM tool version, remove hardcoded paths, fix changelog
- Pin cargo-cyclonedx@0.5.5 in scripts/generate-sbom.sh (matches CI)
- Remove hardcoded /home/lateuf paths from .cargo/config.toml
- Remove stale 'quick' command reference from CHANGELOG 0.1.0
2026-02-22 19:36:26 +01:00
Marco Allegretti
bb03d3adad
ci: GitHub Actions CI/CD, supply chain hardening, reproducible builds
- .github/workflows/ci.yml — 17 jobs: fmt, clippy, test, e2e, enospc, e2e-resolve,
build-release (gnu+musl), smoke-test, reproducibility-check (gnu+musl),
cross-run-reproducibility (gnu+musl), lockfile-check, cargo-deny, ci-contract
- .github/workflows/release.yml — 4 jobs: build, sign (cosign OIDC), verify, publish
- .github/workflows/supply-chain-test.yml — 11 adversarial jobs: build-and-sign,
verify-signatures, tamper-binary, tamper-sbom, tamper-signature-removal,
adversarial-env-injection, adversarial-artifact-tampering, adversarial-build-script,
adversarial-credential-injection, adversarial-rustflags-bypass, verify-docs-executable
- .github/actions/karapace-build/action.yml — reusable build action
- .cargo/config.toml — SOURCE_DATE_EPOCH=0, local path remapping for reproducibility
- CI_CONTRACT.md — required jobs list enforced by ci-contract gate job
- scripts/generate-sbom.sh — CycloneDX SBOM generation
- CARGO_INCREMENTAL=0 globally, cargo clean before all release builds
- Cosign keyless signing with GitHub Actions OIDC
- 32 total CI jobs across 3 workflows
2026-02-22 18:39:00 +01:00
Marco Allegretti
5306963cce
docs: comprehensive public documentation
- docs/getting-started.md — install per distro, first use, common workflows
- docs/architecture.md — 9-crate dependency graph, design decisions, data flow
- docs/manifest-spec.md — manifest v1 specification
- docs/lock-spec.md — lock file v2 specification
- docs/store-spec.md — store format v2 specification
- docs/hash-contract.md — two-phase identity hashing algorithm
- docs/security-model.md — threat model, mount/device/env policy, privilege model
- docs/cli-stability.md — 23 stable commands, exit codes, stability guarantees
- docs/protocol-v1.md — remote protocol v1 draft
- docs/layer-limitations-v1.md — phase 1 layer limitations
- docs/api-reference.md — public API reference (Engine, D-Bus)
- docs/versioning-policy.md — semantic versioning, deprecation policy
- docs/verification.md — release artifact verification (SHA256, cosign, SBOM)
- docs/e2e-testing.md — E2E test guide with distro-specific prerequisites
- README.md — project overview, features, quick start, installation
- CONTRIBUTING.md — development setup, architecture principles, code standards
- CHANGELOG.md — full changelog for 0.1.0 and 2.0 hardening
2026-02-22 18:38:41 +01:00
Marco Allegretti
155efdf7c9
feat: example manifests and service files
- examples/minimal.toml — bare openSUSE system
- examples/dev.toml — developer tools (git, vim, tmux, gcc, clang)
- examples/gui-dev.toml — GUI development with GPU + audio passthrough
- examples/ubuntu-dev.toml — Ubuntu-based with Node.js, Python, build-essential
- examples/rust-dev.toml — Rust development environment
- data/dbus/org.karapace.Manager1.service — D-Bus service activation file
- data/systemd/karapace-dbus.service — hardened systemd user unit
2026-02-22 18:38:24 +01:00
Marco Allegretti
38be2c584d
feat: karapace-dbus — socket-activated D-Bus service with 11 methods
- org.karapace.Manager1 D-Bus interface
- 11 methods: ListEnvironments, GetEnvironmentStatus, GetEnvironmentHash,
BuildEnvironment, BuildNamedEnvironment, DestroyEnvironment, RunEnvironment,
RenameEnvironment, ListPresets, GarbageCollect, VerifyStore
- Name-aware resolution (env_id, short_id, name, prefix)
- Desktop notifications via notify-rust (non-fatal if daemon unavailable)
- Typed serde response structs (no hand-rolled JSON)
- 30-second idle timeout for socket activation
- Hardened systemd unit: ProtectSystem=strict, ProtectHome=read-only,
PrivateTmp, NoNewPrivileges
2026-02-22 18:38:09 +01:00
Marco Allegretti
1416b0fc99
feat: karapace-cli — 23 commands, thin dispatcher, progress indicators
- 23 commands, each in its own module under commands/
- Thin main.rs dispatcher with clap subcommand routing
- Progress spinners (indicatif) and colored state output (console)
- Environment resolution by env_id, short_id, name, or prefix
- Structured JSON output (--json) on all query commands
- --verbose/-v for debug, --trace for trace-level logging
- KARAPACE_LOG env var for fine-grained log control
- Exit codes: 0 success, 1 failure, 2 manifest error, 3 store error
- Prerequisite check before runtime operations
- Shell completions (bash/zsh/fish/elvish/powershell) and man page generation
2026-02-22 18:37:54 +01:00
Marco Allegretti
4a90300807
feat: karapace-tui — interactive terminal UI for environment management
- ratatui + crossterm based TUI
- List/Detail/Help views with vim-style keybindings (j/k, g/G, Enter, q)
- Search/filter (/), sort cycling (s/S)
- Freeze, archive, rename actions from UI
- Destroy with confirmation dialog
- Color-coded environment states
2026-02-22 18:37:39 +01:00
Marco Allegretti
23ac53ba4d
feat: karapace-server — reference remote server implementing protocol v1
- tiny_http-based HTTP server for blob storage and registry
- Dual URL routing: /blobs/Kind/key and /kind_plural/key
- Blob CRUD: PUT, GET, HEAD, list by kind
- Registry: GET/PUT for name@tag references
- TestServer helper for integration testing
- 7 HTTP E2E tests: roundtrip, push/pull, concurrent clients, restart persistence
2026-02-22 18:37:27 +01:00
Marco Allegretti
11034ee27a
feat: karapace-remote — remote content-addressable store, push/pull, registry
- RemoteBackend trait: put/get/has blob, registry operations
- HTTP backend (ureq): blob transfer with X-Karapace-Protocol header
- Push/pull transfer with blake3 integrity verification on pull
- JSON registry for name@tag references
- RemoteConfig: persistent server URL configuration
- Auth token support via Bearer header
- Header-capturing mock server for protocol verification tests
2026-02-22 18:37:14 +01:00
Marco Allegretti
f535020600
feat: karapace-core — engine orchestration, lifecycle state machine, drift control
- Engine: init → resolve → lock → build → enter/exec → freeze → archive → destroy
- Cached store_root_str avoiding repeated to_string_lossy() allocations
- WAL-protected build, enter, exec, destroy, commit, restore, GC operations
- Overlay drift detection: diff/commit/export via upper_dir scanning
- Deterministic snapshot commit with composite identity hashing
- Atomic restore via staging directory swap
- StoreLock: compile-time enforcement via type parameter on gc()
- Signal handler: SIGINT/SIGTERM graceful shutdown with AtomicBool
- Push/pull delegation to karapace-remote backend
- Crash recovery: stale .running marker cleanup on Engine::new()
- Integration tests, E2E tests, crash injection tests, ENOSPC simulation
- Criterion benchmarks: build, rebuild, commit, restore, GC, verify
2026-02-22 18:37:02 +01:00
Marco Allegretti
8493831222
feat: karapace-runtime — namespace/OCI/mock backends, sandbox, host integration
- RuntimeBackend trait: resolve, build, enter, exec, destroy, status
- Namespace backend: unshare + fuse-overlayfs + chroot (unprivileged)
- OCI backend: crun/runc/youki support
- Mock backend: deterministic test backend with configurable resolution
- Image downloading from images.linuxcontainers.org with blake3 verification
- Sandbox script generation with POSIX shell-quote injection prevention
- Host integration: Wayland, X11, PipeWire, PulseAudio, D-Bus, GPU, audio, SSH agent
- Desktop app export as .desktop files on the host
- SecurityPolicy: mount whitelist, device policy, env var allow/deny, resource limits
- Prerequisite detection with distro-specific install instructions
- OSC 777 terminal markers for container-aware terminals
2026-02-22 18:36:46 +01:00
Marco Allegretti
4de311ebc7
feat: karapace-store — content-addressable object store, layers, metadata, WAL
- ObjectStore: blake3-addressed objects, atomic writes (NamedTempFile + persist)
- Integrity verification on every read (hash comparison without String allocation)
- LayerStore: layer manifests with Base/Dependency/Policy/Snapshot kinds
- MetadataStore: environment state machine, naming, ref-counting, blake3 checksum
- GarbageCollector: signal-cancellable orphan cleanup, protects live references
- WriteAheadLog: crash recovery with typed rollback steps (RemoveDir/RemoveFile/ResetState)
- StoreLayout: #[inline] path accessors, store format v2 versioning
- Store migration: v1→v2 with atomic version file rewrite
- Deterministic tar packing/unpacking (sorted entries, zero timestamps, uid/gid 0)
- fsync_dir() for POSIX-portable rename durability
2026-02-22 18:36:31 +01:00
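The atomic-write pattern the karapace-store entry lists (temp file in the same directory, fsync, rename, then fsync_dir() on the parent), as an added example that is not the project's code: std-only Rust in which a hand-built temp path stands in for NamedTempFile + persist, and the blake3 naming and read-time integrity check are left out.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};
use std::path::{Path, PathBuf};

/// Durably replace `dest` with `data`: after a crash the file is either the
/// old version or the complete new one, never a torn write.
/// Order matters: write temp -> fsync temp -> rename over dest -> fsync the
/// parent directory, because the rename is only durable once the directory
/// entry itself has reached disk.
pub fn atomic_write(dest: &Path, data: &[u8]) -> io::Result<()> {
    let dir = dest.parent().unwrap_or_else(|| Path::new("."));
    // Constructed temp name in the same directory so rename() stays atomic;
    // the real store uses tempfile::NamedTempFile for this.
    let tmp: PathBuf = dir.join(format!(
        ".{}.tmp-{}",
        dest.file_name().and_then(|n| n.to_str()).unwrap_or("obj"),
        std::process::id()
    ));
    let result: io::Result<()> = (|| {
        let mut f = OpenOptions::new().write(true).create_new(true).open(&tmp)?;
        f.write_all(data)?;
        f.sync_all()?; // contents and metadata on disk before the rename
        fs::rename(&tmp, dest)?; // atomic replace on POSIX filesystems
        fsync_dir(dir) // make the new directory entry durable
    })();
    if result.is_err() {
        let _ = fs::remove_file(&tmp); // never leave a half-written temp behind
    }
    result
}

/// Open the directory read-only and fsync it; this is the portable POSIX way
/// to make a completed rename() survive power loss.
pub fn fsync_dir(dir: &Path) -> io::Result<()> {
    File::open(dir)?.sync_all()
}

/// Demo: write an object twice into a scratch directory and return the final
/// bytes plus whether the scratch directory is free of leftover temp files.
pub fn demo(scratch: &Path) -> io::Result<(Vec<u8>, bool)> {
    fs::create_dir_all(scratch)?;
    let dest = scratch.join("object.bin");
    atomic_write(&dest, b"version-1")?;
    atomic_write(&dest, b"version-2")?; // second write replaces the first atomically
    let leaked = fs::read_dir(scratch)?
        .flatten()
        .any(|e| e.file_name().to_string_lossy().contains(".tmp-"));
    Ok((fs::read(&dest)?, !leaked))
}
```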
Marco Allegretti
cdd13755a0
feat: karapace-schema — manifest v1, normalization, identity hashing, lock file v2
- TOML manifest parsing with strict schema validation (deny_unknown_fields)
- Deterministic normalization: sorted packages, deduplication, canonical JSON
- Two-phase identity: preliminary (from manifest) and canonical (from lock)
- Lock file v2: resolved packages with pinned versions, base image content digest
- Dual lock verification: integrity (hash) and manifest intent (drift detection)
- Built-in presets: dev, dev-rust, dev-python, gui-app, gaming, minimal
- Blake3 256-bit hashing throughout
2026-02-22 18:36:15 +01:00
Marco Allegretti
78d40c0d0a
chore: project skeleton — workspace root, license (EUPL-1.2), deny config
- Cargo workspace with 9 crates
- EUPL-1.2 license
- cargo-deny configuration for license/advisory auditing
- .gitignore for target/, docu_dev/, editor files
2026-02-22 18:36:03 +01:00